Video, audio are network drains

We all do it from time to time. We might watch a quick video on YouTube, listen to Internet radio or stream the latest album by one of our favorites while we work.

But one thing we don't really think about is what effect that can have on the corporate network.

A recent user survey conducted by NetScout, a vendor of network performance monitoring tools, uncovered some prime examples of network misuse and its network impact. The study also found that depending on the end user's location, IT shops have different ways of monitoring for network behavior and misuse.

Eileen Haggerty, director of solutions marketing for NetScout, said the survey was designed to take a look at how end users use the network and what network administrators are doing to curb misuse.

The result, however, found misuse is rampant.

According to the survey, 76% of respondents have found end users watching streaming video such as sports, news and music, and 73% said they've uncovered the use of Internet radio and streaming audio. Further down the list, 63% found end users clogging the network pipes with instant messaging; 58% with file sharing, downloading and using peer-to-peer applications; and 51% caught their employees playing games like online poker and Doom.

Despite the findings, 52% of respondents said they don't monitor for network abuse at headquarters, while 48% don't monitor at the data center and 50% don't monitor at remote locations. Several companies polled, however, use some form of content filtering or are alerted to misuse by their network monitoring systems. Others rely on managers and end users to alert IT of misuse.

Some misuse unintentional

Haggerty said end user misuse is often not malicious, but mostly ignorance of how Internet radio and streaming video can clog network pipes, resulting in slow performance and, in a worst case scenario, downtime.

"Many of them have no idea what it does to the company's network," Haggerty said. "The assumption is nothing is going on."

Plus, some radio stations even promote breaking the rules and listening to them online at work. A recent radio spot for Boston-area station 93.7 MIKE FM actually encourages it. "No radio at work?" asks the promo. "No problem. Listen to MIKE streaming at 937MIKEFM.com. And when IT comes to complain, blame it on your cubemates and then keep doing it."

Following that advice could have quite a negative impact, especially in small remote and branch office situations.

A senior network engineer for an international pharmaceutical company based in the northeast with more than 200 locations globally said the results of the survey jibe with the patterns of misuse he has frequently seen. The engineer asked that his and his company's name not be used because he is not authorised to talk to the press.

"The biggest misuse we've seen in the past was streaming audio and video," he said, adding that the company managed to scale that back at the Internet offload points by setting policies that block certain types of traffic.

At one point, however, misuse was so rampant that up to 50% of Internet bandwidth was being gobbled up by "recreational activity," the engineer said.

Patterns identify misuse

He said the drug company uses NetScout probes to capture certain traffic patterns. Set up with triggers, the probes initiate capture when they recognise specific forms of traffic coming in. He also prints utilisation reports to see top application usage on WAN links.

The engineer said the network often gets bogged down by gaming, peer-to-peer applications and file sharing at the company's remote locations in Asia Pacific.

Now, every time an end user logs in, the company's business use policy appears.

"You could have a situation where a remote office with 15 to 18 employees uses a T-l link," Haggerty said. "A couple of users [streaming video] could consume a quarter of the available bandwidth."

Part of the NetScout study asked network admins to detail some of the most outrageous or bizarre examples of network misuse they found. Some discovered users downloading Microsoft patches during business hours; some found pornography, especially in remote locations; two companies found employees watching daycare nanny-cams; and one found a remote office employee inviting friends in for an after-hours Doom session. Likely the most egregious, however, was one company that found an employee using a corporate server to host movies for Vietnamese audiences for pay.

The drug company network engineer said he has run into many of the examples listed in the study. At times, misuse has created major performance issues for true business needs and required IT to troubleshoot to find the problem.

"Even though a lot of the users won't like it, the smartest thing to do is try to implement a smart filter system and keep it up to date," he said. "It makes it easier than trying to stay ahead of the problem yourself."

According to Haggerty, a number of companies cited using content filters at the firewall to prevent misuse, but for branch offices, filtering can be costly. Others, like the pharmaceutical company, use products like NetScout's nGenius suite set to identify unwanted traffic types and alert admins when misuse arises.

The problem, she said, is that many companies need to set policies regarding what types of uses are allowed and during which times of day. For instance, listening to a podcast could be a business use, but could still clog the pipe.

"How are you going to allow for network use within a company?" is the big struggle, Haggerty said.